<?php
/**
 * 找回密码控制器
 * @author yanghj 2014.5.29
 */
class Find_passwordApp extends MallbaseApp
{
    var $_password_mod;
    var $step;
    function __construct()
    {
        $this->Find_passwordApp();
    }

    function Find_passwordApp()
    {
        parent::FrontendApp();
        $this->_password_mod = &m("member");
        $this->step = isset($_GET['step']) ? intval($_GET['step']) : 1;
        $this->assign('app_img', 'loginfindp.png');
        $this->assign('step', $this->step);
    }

    /**
     * 显示文本框及处理提交的用户信息
     *
     */
    function index()
    {
       $set_type = isset($_GET['set_type']) ? trim($_GET['set_type']) : 'email';      
       if($this->step == 1)
       {
           if(!IS_POST)
           {
               $this->import_resource('jquery.plugins/jquery.validate.js,jquery.plugins/additional-methods.js');
               $this->display("find_password.html");
               return;
           }
           else
           {
               $addr = $_SERVER['HTTP_REFERER'];
               if (empty($_POST['username']) || empty($_POST['captcha']))
               {
                   $this->show_warning("unsettled_required",
                       'go_back', $addr);
                   return ;
               }
               if (base64_decode($_SESSION['captcha']) != strtolower($_POST['captcha']))
               {
                   $this->show_warning("captcha_faild",
                       'go_back', $addr);
                   return ;
               }
               $username = trim($_POST['username']);
    
               /* 简单验证是否是该用户 */
               $user_id = $this->_password_mod->getOne("SELECT user_id FROM {$this->_password_mod->table} WHERE user_name = '{$username}' ");
               if (empty($user_id))
               {
                   $this->show_warning('该账户名不存在',
                       'go_back', $addr);
    
                   return;
               }
               $safety_mod = &m('usersafety');
               $safety_data = $safety_mod->getRow("SELECT binding_email,binding_mobile FROM {$safety_mod->table} WHERE user_id = {$user_id} ");
               if(empty($safety_data['binding_email']) && empty($safety_data['binding_mobile']))
               {
                   $this->show_warning('你还没有绑定邮箱和手机，如需找回密码，请联系客服。','返回首页', 'index.php');   
                   return;
               }
               $_SESSION['find_password_user_id'] = $user_id;
               $_SESSION['find_password_user_name'] = $username;
               $_SESSION['find_password_step'] = 2;
               if(empty($safety_data['binding_email']))
               {
                   header("Location:index.php?app=find_password&set_type=mobile&step=2");
               }
               else
               {
                   header("Location:index.php?app=find_password&set_type=email&step=2");
               }               
               return;
           }
        
       }
       if($this->step == 2 && $_SESSION['find_password_step'] == 2 && $_SESSION['find_password_user_id'])
       {
           $safety_mod = &m('usersafety');
           $user_id = $_SESSION['find_password_user_id'];
           if(!IS_POST)
           {               
               $safety_info = $safety_mod->getRow("SELECT binding_email,binding_mobile FROM {$safety_mod->table} WHERE user_id = {$user_id} ");
               if($safety_info['binding_mobile'])
               {
                  $safety_info['hide_mobile']= hide_account($safety_info['binding_mobile'], 2);               
               }
               if($safety_info['binding_email'])
               {
                  $safety_info['hide_email']= hide_account($safety_info['binding_email'], 1);               
               }                           
               $this->import_resource('jquery.plugins/jquery.validate.js,jquery.plugins/additional-methods.js,user.validate.js');               
               $this->assign('set_type', $set_type);
               $this->assign('safety_info', $safety_info);
               $this->display("find_password.html");
               return;
           }
           else
           {
               $mobile_code = trim($_POST['mobile_verification_code']);
               $binding_mobile = $safety_mod->getOne("SELECT binding_mobile FROM {$safety_mod->table} WHERE user_id = {$user_id} ");
                if(!$binding_mobile)
                {
                     $this->show_warning("请先绑定手机再设置",'goback', 'index.php?app=account_security&act=authen_verify&mode=set_mobile');
                     return ;
                }
                if(!isset($_SESSION['start_sent_time']) || time() - $_SESSION['start_sent_time'] > 1800)
                {
                    $this->show_warning("手机验证码已无效请重新发送!");
                    return;
                }
                if ($binding_mobile != $_SESSION['mobile'])
                {
                    $this->show_warning("手机号码不正确!");
                    return false;
                }
                if($mobile_code != $_SESSION['mobile_code'])
                {
                    $this->show_warning("手机验证码错误!");
                    return;
                }       
                
               header("Location:index.php?app=find_password&act=set_password&set_type=mobile");
               return;
           }
       }
       else
       {
           header("Location:index.php?app=member");
           return;
       }
       
    }

    /**
     * 显示设置密码及处理提交的新密码信息
     *
     */
    function set_password()
    {
        $set_type = isset($_GET['set_type']) ? trim($_GET['set_type']) : 'email';
        if (!IS_POST)
        {
            if($set_type == 'email')//邮箱方式设置密码
            {
                if (!isset($_GET['id']) || !isset($_GET['activation']) || empty($_GET['activation']))
                {
                    $this->show_warning("request_error",
                        'back_index', 'index.php');
                    return ;
                }
                $id = intval(trim($_GET['id']));
                $activation = trim($_GET['activation']);
                $email_log_mod = &m('emaillog');
                $res = $email_log_mod->getRow("SELECT active_code,send_email FROM {$email_log_mod->table} WHERE user_id = {$id} AND code_type=1");
    
                if ($activation != $res['active_code']) {
                    $this->show_warning("该验证链接无效,请重新发送邮件验证!",
                        'back_index', 'index.php?');
                    return;
                }               
            }
            
            if($set_type == 'mobile')//手机方式设置密码
            {
                if (!isset($_SESSION['find_password_step']) || !isset($_SESSION['mobile_code']) || !isset($_SESSION['find_password_user_id']))
                {
                    $this->show_warning("request_error",
                        'back_index', 'index.php');
                    return ;
                }
                $id = $_SESSION['find_password_user_id'];
                $activation = $_SESSION['mobile_code'];              
            }
            
            $this->assign('id', $id);
            $this->assign('activation', $activation);
            $this->import_resource('jquery.plugins/jquery.validate.js,jquery.plugins/additional-methods.js,user.validate.js');
            $this->display("set_password.html");
        }
        else
        {
            
            if (empty($_POST['id']) && empty($_POST['activation']))
            {
                $this->show_warning("request_error",
                    'back_index', 'index.php');
                return ;
            }
            $id = intval(trim($_POST['id']));
            $activation = trim($_POST['activation']);
            if($set_type == 'email')//邮箱方式设置密码
            {
                $email_log_mod = &m('emaillog');
                $res = $email_log_mod->getRow("SELECT active_code,send_email FROM {$email_log_mod->table} WHERE user_id = {$id} AND code_type=1");
                if ($activation != $res['active_code']) {
                    $this->show_warning("该验证链接无效,请重新发送邮件验证!",
                        'back_index', 'index.php?');
                    return;
                }
                $email_log_mod->add_edit(array('active_code' => '', 'code_type' => 1), $id);
                if ($email_log_mod->has_error()) {
                    $this->show_warning($email_log_mod->get_error());
    
                    return;
                }
                    
            }
            if($set_type == 'mobile')//手机方式设置密码
            {
                if (!isset($_SESSION['find_password_step']) || !isset($_SESSION['mobile_code']) || !isset($_SESSION['find_password_user_id']))
                {
                    $this->show_warning("request_error",
                        'back_index', 'index.php');
                    return ;
                }
                if ($activation != $_SESSION['mobile_code']) {
                    $this->show_warning("手机验证码不正确,请重新发送!",
                        'back_index', 'index.php?');
                    return;
                }             
            }

            if (empty($_POST['new_password']) || empty($_POST['confirm_password']))
            {
                $this->show_warning("unsettled_required");
                return ;
            }
            if (trim($_POST['new_password']) != trim($_POST['confirm_password']))
            {
                $this->show_warning("password_not_equal");
                return ;
            }
            $password = trim($_POST['new_password']);
            $password_level     = (int)($_POST['password_level'])<1 ? 1 :(int)($_POST['password_level']); 
            $passlen = strlen($password);
            if ($passlen < 6 || $passlen > 20)
            {
                $this->show_warning('password_length_error');

                return;
            }
            $old_password=trim($_POST['new_password']);

            $ms =& ms();        //连接用户系统
            $ms->user->edit($id, $old_password, array('password' => $password, 'password_level' => $password_level), true); //强制修改
            if ($ms->user->has_error())
            {
                $this->show_warning($ms->user->get_error());

                return;
            }

            header("Location:index.php?app=find_password&act=set_succeed");
            return ;
        }

    }
    /**
     * 设置密码成功
     *
     */
    function set_succeed()
    {
        if($_SESSION['find_password_step'])
        {
            if($_SESSION['find_password_user_id']){unset($_SESSION['find_password_user_id']);}
            if($_SESSION['find_password_user_name']){unset($_SESSION['find_password_user_name']);}
            if($_SESSION['find_password_step']){unset($_SESSION['find_password_step']);}
            $this->drop_mobile_session();
           $this->display("set_password.succeed.html"); 
        }
        else
        {
           header("Location:index.php");
            return ; 
        }
    }

    /**
     *    检查用户是否存在
     *
     *    @author    Garbin
     *    @return    void
     */
    function check_user()
    {
        $user_name = empty($_GET['username']) ? null : trim($_GET['username']);
        if (!$user_name)
        {
            echo ecm_json_encode(false);

            return;
        }
        $ms =& ms();

        echo ecm_json_encode(!$ms->user->check_username($user_name));
    }
    
    /**
     * 验证完后把手机号码验证码$_SESSION['mobile_code']与手机$_COOKIE['mobile']删除
     *
     */
    function drop_mobile_session()
    {
        if(isset($_SESSION['mobile_code']))
        {
            unset($_SESSION['mobile_code']);
        }
        if(isset($_SESSION['mobile']))
        {
            unset($_SESSION['mobile']);
        }        
        if(isset($_SESSION['start_sent_time']))
        {
            unset($_SESSION['start_sent_time']);
        }          
        
    }
    
}
?>
